Tag Archives: login scripts

PHP Login Script (Basics) part 2

4. Creating Login Page (logon.php)

Login page is quite simple. It has 3 basic elements
a. Username Field
b. Password Field
c. Submit button
You can add “remember me” option if u like..

<!--<span class="hiddenSpellError" pre=""-->DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"&gt;

xmlns="http://www.w3.org/1999/xhtml"&gt;
&lt;head&gt;
&lt;meta http-equiv="Content-Type" content="text/html; charset=utf-8" /&gt;
&lt;title&gt;Login Demo&lt;/title&gt;
&lt;/head&gt;

&lt;body&gt;
&lt;h1&gt;Members Login&lt;/h1&gt;

<!--?<span class="hiddenSpellError" pre=""-->&lt;?php
if(isset($_GET['msg']))
{
echo "&lt;h4&gt;".$_GET['msg']."&lt;/h4&gt;";
}
?&gt;
&lt;form action="Login.php" method="post" name="login_form" id="login_form"&gt;
<label>Username : </label>&lt;input name="username" type="text" id="username" size="50" maxlength="50" /&gt;

<label>Password : </label>&lt;input name="password" type="password" id="password" size="50" maxlength="32" /&gt;

&lt;input name="rememberme" type="checkbox" id="rememberme" /&gt;<label>Remember me</label>

&lt;input name="submit" type="submit" id="submit" value="Login" /&gt;
&lt;/form&gt;
&lt;/body&gt;
&lt;/html&gt;

DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

xmlns="http://www.w3.org/1999/xhtml">

<head>

<title>Login Demo</title>

</head>

<body>

<h1>Members Login</h1>

<?php

if(isset($_GET['msg']))

{

echo "<h4>".$_GET['msg']."</h4>";

}

<label>Username : </label><input name="username" type="text" id="username" size="50" maxlength="50" />

<label>Password : </label><input name="password" type="password" id="password" size="50" maxlength="32" />

<input name="rememberme" type="checkbox" id="rememberme" /><label>Remember me</label>

</form>

</body>

</html>

5. The Login Script (login.php)

<!--?<span class="hiddenSpellError" pre=""-->&lt;?php
session_start(); // to use sessions Variables IMPORTANT

// Connects to your Database
mysql_connect("localhost", "username", "password") or die(mysql_error());
mysql_select_db("db_name") or die(mysql_error());

&nbsp;

// Makes sure all are filled it in
if(!$_POST['username'] || !$_POST['password'])
{
header('Location: logon.php?msg=You did not fill in a required field.');
}

&nbsp;

// Checks username in the database
if (!get_magic_quotes_gpc())
{
$_POST['username'] = addslashes($_POST['username']);

}
$check_users = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

&nbsp;

//Gives error if user dosenot exist
$users_found = mysql_num_rows($check_users);
if ($users_found == 0)
{
header('Location: logon.php?msg=That user does not exist in our database. <a href="register.php">Click Here to Register</a>');
}
while($user_info = mysql_fetch_array( $check_users ))
{
$_POST['password'] = stripslashes($_POST['password']);
$user_info['password'] = stripslashes($user_info['password']);
$_POST['password'] = md5($_POST['password']);

//gives error if the password is wrong
if ($_POST['password'] != $user_info['password'])
{
header('Location: logon.php?msg=Incorrect password, please try again.');

}
else

{

// if login is ligitimate we update the SESSION Variables
$_POST['username'] = stripslashes($_POST['username']);
$_SESSION['website_userid']=$_POST['username'];
$_SESSION['website_key']=$_POST['password'];
$_SESSION['isLoggedIn']='1';

// if the user choosed the 'remember me' option , we set the cookies
if(isset($_POST['rememberme']) &amp;&amp; $_POST['rememberme']=='1')
{

// remembers the user for a year
$hour = time() + (356*24);
setcookie('website_userid', $_SESSION['website_userid'], $hour);
setcookie('website_key', $_SESSION['website_key'], $hour);
}

&nbsp;

//then redirect them to the members area
header("Location: members.php");

}

} // end of while loop
?&gt;

<?php

session_start(); // to use sessions Variables IMPORTANT

// Connects to your Database

mysql_connect("localhost", "username", "password") or die(mysql_error());

mysql_select_db("db_name") or die(mysql_error());

// Makes sure all are filled it in

if(!$_POST['username'] || !$_POST['password'])

{

header('Location: logon.php?msg=You did not fill in a required field.');

}

// Checks username in the database

if (!get_magic_quotes_gpc())

{

$_POST['username'] = addslashes($_POST['username']);

}

$check_users = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

//Gives error if user dosenot exist

$users_found = mysql_num_rows($check_users);

if ($users_found == 0)

{

header('Location: logon.php?msg=That user does not exist in our database. <a href="register.php">Click Here to Register</a>');

}

while($user_info = mysql_fetch_array( $check_users ))

{

$_POST['password'] = stripslashes($_POST['password']);

$user_info['password'] = stripslashes($user_info['password']);

$_POST['password'] = md5($_POST['password']);

//gives error if the password is wrong

if ($_POST['password'] != $user_info['password'])

{

header('Location: logon.php?msg=Incorrect password, please try again.');

}

else

{

// if login is ligitimate we update the SESSION Variables

$_POST['username'] = stripslashes($_POST['username']);

$_SESSION['website_userid']=$_POST['username'];

$_SESSION['website_key']=$_POST['password'];

$_SESSION['isLoggedIn']='1';

// if the user choosed the 'remember me' option , we set the cookies

if(isset($_POST['rememberme']) && $_POST['rememberme']=='1')

{

// remembers the user for a year

$hour = time() + (356*24);

setcookie('website_userid', $_SESSION['website_userid'], $hour);

setcookie('website_key', $_SESSION['website_key'], $hour);

}

//then redirect them to the members area

header("Location: members.php");

}

} // end of while loop

This login script authenticates

users to access the restricted Members Area. and also sets $_COOKIES and $_SESSION variables for future use..

6. Members Area (members.php)

&nbsp;

&lt;?php session_start();?&gt;
<!--<span class="hiddenSpellError" pre=""-->DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"&gt;

xmlns="http://www.w3.org/1999/xhtml"&gt;
&lt;head&gt;
&lt;meta http-equiv="Content-Type" content="text/html; charset=utf-8" /&gt;
&lt;title&gt;Members Areas&lt;/title&gt;
&lt;/head&gt;

&lt;body&gt;
&lt;?php

// Connects to your Database
mysql_connect("localhost", "username", "password") or die(mysql_error());
mysql_select_db("db_name") or die(mysql_error());

&nbsp;

//checks cookies and Session
if(isset($_COOKIE['website_userid']) || (isset($_SESSION['isLoggedIn']) &amp;&amp; $_SESSION['isLoggedIn']=='1') )
{

// If the user SESSION is still valid or he just logged in
if(isset($_SESSION['isLoggedIn']) &amp;&amp; $_SESSION['isLoggedIn']=='1')
{
$username = $_SESSION['website_userid'];
$pass = $_SESSION['website_key'];
}

// if the user had chosen the 'remember me' option
else
{
$username = $_COOKIE['website_userid'];
$pass = $_COOKIE['website_key'];
}
if (!get_magic_quotes_gpc())
{
$cookie_username=addslashes($username); // makes Cookie sql injection impossible
$cookie_pass=addslashes($pass);
}

// Checks with cookie data
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());

// Fetches data if the User exists using either SESSION data or Cookie data
while($user_info = mysql_fetch_array($check) )
{

// First Checks if the cookie has the incorrect password, they are directed to the logon page
if ($pass != $user_info['password'])
{
header('Location: logon.php?msg=Please login with your new password');

}

//otherwise Members Content are displayed
else
{
echo '&lt;h1&gt;Members Area&lt;/h1&gt;';
echo '&lt;p&gt;Welcome '.$username.'&lt;/p&gt;';
echo '&lt;br /&gt; &lt;a href="logout.php"&gt;Logout&lt;/a&gt;';
}

} // end of while loop

} // end of if condition to check cookies and sessions

else
//if both cookie or the Session does not exist, then .. they are directed to the logon screen
{
header("Location: logon.php?msg=Login First!");
}

?&gt;
&lt;/body&gt;
&lt;/html&gt;

&nbsp;

<?php session_start();?>

DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

xmlns="http://www.w3.org/1999/xhtml">

<head>

<title>Members Areas</title>

</head>

<body>

<?php

// Connects to your Database

mysql_connect("localhost", "username", "password") or die(mysql_error());

mysql_select_db("db_name") or die(mysql_error());

//checks cookies and Session

if(isset($_COOKIE['website_userid']) || (isset($_SESSION['isLoggedIn']) && $_SESSION['isLoggedIn']=='1') )

{

// If the user SESSION is still valid or he just logged in

if(isset($_SESSION['isLoggedIn']) && $_SESSION['isLoggedIn']=='1')

{

$username = $_SESSION['website_userid'];

$pass = $_SESSION['website_key'];

}

// if the user had chosen the 'remember me' option

else

{

$username = $_COOKIE['website_userid'];

$pass = $_COOKIE['website_key'];

}

if (!get_magic_quotes_gpc())

{

$cookie_username=addslashes($username); // makes Cookie sql injection impossible

$cookie_pass=addslashes($pass);

}

// Checks with cookie data

$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());

// Fetches data if the User exists using either SESSION data or Cookie data

while($user_info = mysql_fetch_array($check) )

{

// First Checks if the cookie has the incorrect password, they are directed to the logon page

if ($pass != $user_info['password'])

{

header('Location: logon.php?msg=Please login with your new password');

}

//otherwise Members Content are displayed

else

{

echo '<h1>Members Area</h1>';

echo '<p>Welcome '.$username.'</p>';

echo '<br /> <a href="logout.php">Logout</a>';

}

} // end of while loop

} // end of if condition to check cookies and sessions

else

//if both cookie or the Session does not exist, then .. they are directed to the logon screen

{

header("Location: logon.php?msg=Login First!");

}

</body>

</html>

This is the page you want only the authenticated users to access. In this page the cookies and Sessions are first checked and if the credentials are legit then the Members Area Contet is displayed or else it redirects the the visitors to the logon page.

7. Logout Script (logout.php)

&lt;?php
session_start();
$past = time() - 100;

//this makes the time negative to destroy the cookie
setcookie('website_userid', xOx, $past);
setcookie('website_key', xOx, $past);

// this destroyes all the session variables
session_destroy();
header("Location: logon.php?msg=Logged out successfully");

?&gt;

<?php

session_start();

$past = time() - 100;

//this makes the time negative to destroy the cookie

setcookie('website_userid', xOx, $past);

setcookie('website_key', xOx, $past);

// this destroyes all the session variables

session_destroy();

header("Location: logon.php?msg=Logged out successfully");

This Script destroys all the $_SESSION variables and unsets all the $_COOKIES to successfully

logout the user from the website..

Download the full Code

< Create Registration page and Script Part 1

PHP Login Script (Basics)

19 Replies

Warning: array_key_exists() [function.array-key-exists]: The first argument should be either a string or an integer in /home/content/12/8998112/html/wp-content/plugins/jetpack/modules/photon.php on line 183

PHP ( Hypertext Preprocessor) is a widely used scripting language all over the Internet.. Even Facebook is entirely made with PHP.. PHP with MySQL becomes a powerful tool yet flexible.. In this

tutorial i am going to teach you how to create a basic fail proof and Hack proof Login system for your website and provide you with the php login and registration scripts.. You can alse see the advanced professional version of the login script ..

Here is a brief idea about the steps we are going to take up..

Setting up DataBase (Using MySQL)
Creating the Registration page (register.php)
The Registration script (CreateUser.php)
Creating Login page (logon.php)
The login Script (Login.php)
Members area (MembersArea.php)
The logout script (Logout.php)

1. Setting up Database Minimal (MySQL)

Before we begin, we need to setup out

database first .. I use PhpMyAdmin for this purpose which is quite easier to use.. So in PhpMyAdmin Create a table named user with 3 fields
a. user_id of INTEGER (11) and AUTO INCREAMENT
b. username VARCHAR(50)
c. password VARCHAR(32) .

username and password fields are mandatoryfor obvious reasons

or can use the code :-

&nbsp;

CREATE TABLE `users` (
`user_id` int(11) NOT NULL AUTO_INCREMENT,
`username` varchar(50) NOT NULL,
`password` varchar(32) NOT NULL,
PRIMARY KEY (`user_id`),
UNIQUE KEY `username` (`username`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 ;

&nbsp;

CREATE TABLE `users` (

`user_id` int(11) NOT NULL AUTO_INCREMENT,

`username` varchar(50) NOT NULL,

`password` varchar(32) NOT NULL,

PRIMARY KEY (`user_id`),

UNIQUE KEY `username` (`username`)

) ENGINE=MyISAM DEFAULT CHARSET=latin1 ;

One you are done with that you will see something like this:-

2. Creating a Registration Form (register.php)

We basically need 3 fields in a generic registration page
a. username field
b. password field
c. retype-password field
and the Submit button

&lt;!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"&gt;
&lt;html xmlns="http://www.w3.org/1999/xhtml"&gt;
&lt;head&gt;
&lt;meta http-equiv="Content-Type" content="text/html; charset=utf-8" /&gt;
&lt;title&gt;Register&lt;/title&gt;
&lt;/head&gt;
&lt;body&gt;
&lt;h1&gt;Register Now!&lt;/h1&gt;
&lt;strong id="server_response"&gt;

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<head>

<title>Register</title>

</head>

<body>

<h1>Register Now!</h1>

&lt;?php
if(isset($_GET['msg']))
{
echo $_GET['msg'];
}
?&gt;

<?php

if(isset($_GET['msg']))

{

echo $_GET['msg'];

}

&lt;/strong&gt;
&lt;form action="CreateUser.php" method="post" name="registration_form" id="registration_form"&gt;
&lt;label&gt;Username&lt;/label&gt;
&lt;input name="username" type="text" id="username" size="50" maxlength="50" /&gt;&lt;br /&gt;
&lt;label&gt;Password&lt;/label&gt;
&lt;input name="password" type="password" id="password" size="50" maxlength="100" /&gt;&lt;br /&gt;
&lt;label&gt;Re-type Password&lt;/label&gt;
&lt;input name="repassword" type="password" id="repassword" size="50" maxlength="100" /&gt;&lt;br /&gt;
&lt;input type="submit" value="Register" name="submit" /&gt;
&lt;/form&gt;
&lt;/body&gt;
&lt;/html&gt;

</strong>

<label>Username</label>

<label>Password</label>

<label>Re-type Password</label>

</form>

</body>

</html>

Gives the output as :-

register.php

3. Creating user script (CreateUser.php)

&lt;?php

// This will connect to your database
mysql_connect("localhost", "username", "password") or die(mysql_error());
mysql_select_db("db_name") or die(mysql_error());

//This checks if all the fields are filled or not
if (!$_POST['username'] ||  !$_POST['password'] ||  !$_POST['repassword'] )
{
header('Location: register.php?msg=You did not complete all of the required fields');
}

// checks if the username entered is already registered or not
if (!get_magic_quotes_gpc())
{
//Adds Slashes to prevent SQL injections n to support usernames like O'reily etc..
$_POST['username'] = addslashes($_POST['username']);
}

$user2check = $_POST['username'];
$check_user = mysql_query("SELECT username FROM users WHERE username = '$user2check'") or die(mysql_error());
$get_user_mum = mysql_num_rows($check_user);

//if the name exists it redirects with an error
if ($get_user_mum != 0)
{

header('Location: register.php?msg=Sorry, the username '.$_POST['username'].' is already in use.');
}

// This is to check if both the passwords entered match
if ($_POST['password'] != $_POST['repassword'])
{

header('Location: register.php?msg=Your passwords did not match.');

}

// This part encrypts the password and add slashes to make it hack proof
$_POST['password'] = md5($_POST['password']); // we use md5 encryption, other encryption technique is crypt()..
if (!get_magic_quotes_gpc())
{
$_POST['password'] = addslashes($_POST['password']);
$_POST['username'] = addslashes($_POST['username']);
}

// now we insert it into the database
$create_user_query = "INSERT INTO users (username, password) VALUES ('".$_POST['username']."', '".$_POST['password']."')";
$create_user = mysql_query($create_user_query);

//This sends a success message if user created
if($create_user)
{
header('Location: register.php?msg=Thank you for registering ');
}

?&gt;

<?php

// This will connect to your database

mysql_connect("localhost", "username", "password") or die(mysql_error());

mysql_select_db("db_name") or die(mysql_error());

//This checks if all the fields are filled or not

if (!$_POST['username'] || !$_POST['password'] || !$_POST['repassword'] )

{

header('Location: register.php?msg=You did not complete all of the required fields');

}

// checks if the username entered is already registered or not

if (!get_magic_quotes_gpc())

{

//Adds Slashes to prevent SQL injections n to support usernames like O'reily etc..

$_POST['username'] = addslashes($_POST['username']);

}

$user2check = $_POST['username'];

$check_user = mysql_query("SELECT username FROM users WHERE username = '$user2check'") or die(mysql_error());

$get_user_mum = mysql_num_rows($check_user);

//if the name exists it redirects with an error

if ($get_user_mum != 0)

{

header('Location: register.php?msg=Sorry, the username '.$_POST['username'].' is already in use.');

}

// This is to check if both the passwords entered match

if ($_POST['password'] != $_POST['repassword'])

{

header('Location: register.php?msg=Your passwords did not match.');

}

// This part encrypts the password and add slashes to make it hack proof

$_POST['password'] = md5($_POST['password']); // we use md5 encryption, other encryption technique is crypt()..

if (!get_magic_quotes_gpc())

{

$_POST['password'] = addslashes($_POST['password']);

$_POST['username'] = addslashes($_POST['username']);

}

// now we insert it into the database

$create_user_query = "INSERT INTO users (username, password) VALUES ('".$_POST['username']."', '".$_POST['password']."')";

$create_user = mysql_query($create_user_query);

//This sends a success message if user created

if($create_user)

{

header('Location: register.php?msg=Thank you for registering ');

}

This Script will first check if all the fields are filled and then validate them. If the fields are filled not in the way they are suppose to be, they get redirected back to the registration page but with an error message. This validation can also be done using JavaScripts. If all the inputs are valid then a new row is inserted in the database ..

Part 2 (Login Script ) >